This article describes how to create Certification Authority (CA) signed certificates for multiple cameras and distribute the CA certificate to multiple workstations. The attached step-by-step description was created for setting up the BVMS recording authenticity feature in large systems.
Potential for Data Inconsistency Issues on E-Series Storage Systems
With controller firmware 11.50.1 and newer versions, NetApp has fixed issues that require an immediate update of all E2800 iSCSI storage systems (their controllers). In July 2019 BOSCH announced the need to update from all former NetApp controller firmware 08.30.40.00 to newer versions. These newer versions should be certified and approved by BOSCH. In 2019 there was also an announcement by NetApp. All customers owning a NetApp storage system with a valid warranty agreement and a registered unit have access to the public announcement from NetApp. This was announced by NetApp on their support websites (see https://mysupport.netapp.com/).
Bosch approval 31st of January 2018
Bosch approval 7th of May 2019
Bosch approval 20th of September 2019
outlook May 2020
NetApp Firmware 08.30.40.00 no longer allowed for usage
NetApp Firmware: 11.50.R1 no longer allowed for usage
NetApp Firmware: 11.50.2 no longer allowed for usage
NetApp works on a global release of a version newer than 11.60.1 - Please ensure that Bosch has certified any newer version before installing!
Please follow our BOSCH Knowledge Base and monitor this article for updates and important news. The BOSCH submodel ID 356 ensures that the NetApp system is optimized for 24/7 video recording. See the article here: https://community.boschsecurity.com/t5/Security-Video/TB-VS-date-2020-04-22-New-Firmware-11-50-3R1P3-is-available-for/ta-p/12778
All DSA E-Series (E2800 12-bay) and DSA E-Series (E2800 60-bay)
Example product variants:
DSA-N2E8X4-12AT Base unit 12x4TB High-performance and high-capacity storage system base unit with iSCSI disk arrays, single controller. DSA E2800, 12 x 4 TB HDD, Order number DSA-N2E8X4-12A
DSA-N2C8X4-12AT Dual controller unit 12x4TB High-performance and high-capacity storage system base unit with iSCSI disk arrays, dual controller. DSA E2800, 12 x 4 TB HDD, Order number DSA-N2C8X4-12AT
Note: Other models with various HDD capacities (e.g. 8TB hard drives and larger) are available. For more details visit the BOSCH product website.
Summary of issue
NetApp® has become aware of issues that could occur when an E-Series controller reboots at certain points during the evacuation of data from a drive that is performed as part of the sequence when a drive is being failed by the controller. As a result, there is a small possibility of data inconsistency on controllers running certain versions of E-Series SANtricity® OS controller software.
First announced in 06/2019: The issues are possible on E-Series controllers running 8.30, 8.40, 11.30, 11.40, and 11.50 versions of E-Series SANtricity OS controller software. The overall probability of these issues occurring is very low, but RAID 1 volumes have a higher probability of encountering the issues than other RAID levels or NetApp Dynamic Disk Pools. These issues do not affect traditional RAID volume groups that have no global hot spare drives because drive evacuation does not occur in this configuration. For information about fixes in these releases, view the readme notes for each revision release.
No workaround is available. A controller firmware update is needed. An HDD firmware update is not related to the issue described here, but it is in general recommended to install the latest offered HDD firmware that is recommended by BOSCH and NetApp. The same applies for HDD firmware.
Solution: Update the NetApp Controller Firmware
Upgrade E-Series SANtricity OS controller software to the latest applicable revision release for each platform as soon as possible. Please reach out to your local BOSCH technical team and BOSCH BT-SC/ETP-MKP team to ensure that the relevant NetApp Firmware has been approved to be usable for 24/7 video recording and replay use case. Even the global NetApp Firmware can be installed on BOSCH submodel ID 356
Where to get the Controller Firmware
All customers with a full NetApp NOW support account and a valid warranty on their system can download the controller firmware by using their own NetApp user account. The version offered at the NetApp NOW platform should be certified and allowed by BOSCH for video use cases. See also: https://community.boschsecurity.com/t5/Security-Video/TB-VS-date-2020-04-22-New-Firmware-11-50-3R1P3-is-available-for/ta-p/12778
In case the download option is not offered to one of our customers, we kindly ask to make sure that the unit is registered to the company and that the NetApp NOW account belongs to the company that has registered the unit. In all other cases, please reach out to the BOSCH Support organisation or local Bosch Technical Support desk.
A NetApp SANtricity firmware / controller firmware package for E2800 model can be downloaded from the NetApp NOW website. Revisions can be found at https://mysupport.netapp.com/NOW/cgi-bin/software/ See also: https://mysupport.netapp.com/products/web/ECMLP2854621.html
Additional information is available at NetApp and accessible after user registration. First go to https://mysupport.netapp.com/ to register. Product Release Notes from NetApp: https://mysupport.netapp.com/ecm/ecm_download_file/ECMLP2842060
NetApp Support Bulletin, please view the following URL: https://kb.netapp.com/app/answers/answer_view/a_id/1086731 (As the URL can change any time by NetApp, search for the KB id 1086731)
Steps to update
The E-Series SANtricity® OS package includes data for simplex controller and duplex controller systems and the firmware file itself.
NVSRAM file for duplex
NVSRAM file for simplex
and the controller firmware
Download the latest SANtricity OS software files from the NetApp Support Site to your management client.
From SANtricity System Manager, select Support > Upgrade Center.
In the area labeled “SANtricity OS Software upgrade,” click NetApp Support.
On the NetApp Support Site, click the Downloads tab, and then select Software.
Locate E-Series/EF-Series SANtricity OS (Controller Firmware).
For the platform, select E2800, and click Go!
Select the version of SANtricity OS (Controller Firmware) you want to install, and click View & Download.
Follow the online instructions to complete the file download.
Attention: Risk of data loss or risk of damage to the storage array — Do not make changes to the storage array while the upgrade is occurring. Maintain power to the storage array.
Which Bosch encoders and decoders are compatible with BVMS?
Up until some years ago, newly released cameras, encoders, domes and decoders that were introduced into the market after a BVMS release could not be connected to an existing BVMS version because these cameras were not known to the BVMS. In BVMS 4.5.1, a new concept was introduced. This concept treats Bosch video encoders and decoders as generic devices, and automatically recognizes specific device functionality (for example the number of streams, relays and inputs). Based on this information, the device that was unknown at that time is added to the system and can be used by the operator. The attached document provides a detailed description of this functionality.
IP cameras, Configuration Manager, BVMS Configuration Client
This article provides background information about syslog, tips for 3rd party Syslog server options and step-by-step instructions on how to configure, activate and collect the syslog.
The Syslog feature is implemented in all IP BOSCH products. As network devices, the BOSCH IP cameras can continuously send system messages via Syslog to a Syslog server software. This function must first be activated and configured.
Once configured, syslog allows continuous monitoring even throughout a complete IP camera power cycle (reboot), as the camera starts connecting to the syslog server IP as soon as it is back online.
Syslog can be useful for analyzing issues that are unpredictable and difficult to reproduce.
3rd party tools as Syslog server:
There are many different monitoring tools available on the market. Examples of some easy tools to start working with are:
PRTG NETWORK MONITOR from PAESSLER
Kiwi Syslog Server
EventLog Analyzer from ManageEngine
Example configuration for KIWI syslog free edition to receive and save the syslog sent by the camera.
Syslog server software must be installed on a PC/Workstation that is on the same IP network as the camera/encoder.
One should check the size of the log file per day and be sure there is enough storage capacity.
1. Enable the logging of the Kiwi software. Access "Setup/Rules/Default/Actions/Log to file", check the box for “Log to file”, then browse to the path where the log files can be saved.
2. Add the IP address of the camera(s) to "Setup/Inputs". Click on the address box, type in the address of the camera, click “Add”, then “OK”. (The Free Edition can log a maximum of 5 cameras.)
3. This step should be done after the camera is configured to send the syslog data. Open the Kiwi software and select “Manage”, then click on “Start the Syslogd service”. Log information should start to scroll in the Syslog main window. How fast or often messages appear depends on which debug command was provided by Tech support.
Configure the camera to send the syslog data
The configuration can be done via the Web Interface of the camera, Bosch Configuration Manager (stand-alone configuration software) or BVMS Configuration Client software (part of BVMS management system). The layout of the above 3 interfaces is very similar. The following steps and screenshots are done for Configuration Manager.
1. Ensure that the Date/Time of the Syslog PC, camera(s), and recording system are synchronized (as close as possible)
2. Enable the Time Stamping and ensure that it is set for milliseconds. a. NOTE: The time stamp is important for troubleshooting.
3. Navigate to Configuration Tab “Network/Advanced/Syslog”. Enter the IP address of the Syslog Server PC/Workstation and click the “Save” icon.
4. Navigate to Configuration Tab “Service/Logging”, then Debug Logging. In the Event Logging text box, enter the debug command that was provided to you by the Bosch support team.
If no debug command was provided, use: syslog_dbg. Click on the “Save” icon.
Collecting the logs
Once the issue appears, note the date and time, then collect and provide the maintenance.log from the camera and the syslog saved on the Syslog Server PC/Workstation.
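A minimal receiver for the collection setup described above, as an added example (not Bosch or Kiwi code). It assumes the camera sends syslog over UDP to port 514 with a leading `<PRI>` field; the camera addresses and the sample message are constructed.

```python
import socket
from datetime import datetime, timezone

SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

# Constructed camera addresses; only these sources are logged
# (the same idea as listing the cameras under "Setup/Inputs").
ALLOWED_CAMERAS = {"192.0.2.10", "192.0.2.11"}


def decode_pri(text):
    """Split a leading '<PRI>' off a message; PRI = facility * 8 + severity."""
    if text.startswith("<"):
        end = text.find(">")
        digits = text[1:end]
        if 1 < end <= 4 and digits.isascii() and digits.isdigit():
            pri = int(digits)
            if pri <= 191:
                return pri // 8, pri % 8, text[end + 1:]
    return None, None, text


def format_record(src_ip, data, received, allowed):
    """Build one log line, or return None for sources that are not allowed."""
    if src_ip not in allowed:
        return None
    text = data.decode("utf-8", errors="replace")
    # Replace control characters so a message cannot inject extra log lines.
    text = "".join(ch if ch.isprintable() else " " for ch in text).strip()
    _facility, severity, message = decode_pri(text)
    name = SEVERITIES[severity] if severity is not None else "unknown"
    # Receive time with millisecond precision, in UTC, so it can be lined up
    # with the camera's maintenance.log and the recording system.
    stamp = received.astimezone(timezone.utc).isoformat(timespec="milliseconds")
    return f"{stamp} {src_ip} {name} {message}"


def serve(bind_ip, port, allowed, log_path):
    """Receive datagrams forever and append accepted records to log_path."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock, \
            open(log_path, "a", encoding="utf-8") as log:
        sock.bind((bind_ip, port))
        while True:
            data, (src_ip, _port) = sock.recvfrom(8192)
            line = format_record(src_ip, data,
                                 datetime.now(timezone.utc), allowed)
            if line is not None:
                log.write(line + "\n")
                log.flush()  # keep the file current if the PC loses power


if __name__ == "__main__":
    # Binding to port 514 usually needs administrator/root rights.
    serve("0.0.0.0", 514, ALLOWED_CAMERAS, "camera-syslog.log")
```

Datagrams from addresses outside the allow list are dropped silently, so the log on the collection PC only contains the cameras under investigation.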
As video surveillance use grows in commercial, government and private use cases, the need for low-cost storage at scale is growing rapidly. BVMS, Bosch cameras, HPE hardware and SUSE Enterprise Storage provide a platform that is an ideal target for recording these streams.
There are numerous difficulties around storing unstructured video surveillance data at massive scale. Video surveillance data tends to be written only once or become stagnant over time. This stale data takes up valuable space on expensive block and file storage, and yet needs to be available in seconds. With this massive scale, the difficulty of keeping all the data safe and available is also growing. Many existing storage solutions are a challenge to manage and control at such scale. Management silos and user interface limitations make it harder to deploy new storage into business infrastructure.
The solution is software-defined storage (SDS). This is a storage system that delivers a full suite of persistent storage services via an autonomous software stack that can run on an industry standard, commodity hardware platform. Bosch, Hewlett Packard Enterprise (HPE) and SUSE have partnered to deliver the benefits of SDS to the video surveillance industry. Using SUSE Enterprise Storage™ on HPE ProLiant DL and Apollo servers in a Bosch video surveillance environment simplifies the management of today’s volume of data, and provides the flexibility to scale for all enterprise storage needs.
The full description can be found in the attached whitepaper.
Combined firmware package 6.60 – applicable to all platforms
The Release Letter of the combined firmware package for all platforms 6.60.1321 provides information about the dependencies between firmware versions for a better understanding of the upgrade process of devices with older firmware.
CPP4 and CPP6 devices:
Due to an internal file system being introduced to CPP4 and CPP6 since firmware 6.10 and architectural changes thereof, a direct upgrade from firmware below version 6.10 to latest firmware is only possible via intermediate firmware 6.1x.
CPP4 cameras with firmware versions below 6.10 need to upload this package twice. For example, when having firmware 5.92 on a CPP4 device, you need to load the CPP all common firmware file two times: > The first time the file is loaded, the device will be updated to 6.11.0021, which is part of the common file. > The second time you load the common firmware file, the update to 06.50.0128 will be performed.
CPP6 cameras with firmware versions below 6.10 need to upload the separate firmware version 6.1x first to receive the latest firmware version. This means that intermediate firmware version 6.1x for CPP6 needs to be requested from your technical support. A support ticket to the Level 3 team at MKP PRM group via the support ticket system is needed. In case we see a high demand for that, a new combined firmware file might be created by PRM. Only after receiving and uploading firmware 6.1x can you upload the combined firmware package for all platforms 6.50.0620 or CPP6 specific firmware 6.50.0128.
This combined firmware cannot be applied to CPP5 products with firmware version older than 5.91. It is required to upgrade to intermediate firmware 5.91 first.
This means that intermediate firmware version 5.91 for CPP5 needs to be requested from your technical support. Only after receiving and uploading firmware 5.91 can you upload the combined firmware package for all platforms, e.g. 6.50.0620, or CPP5 specific firmware 6.30.0059. To find a combined firmware file in the DownloadStore you can use the following URL syntax: https://downloadstore.boschsecurity.com/index.php?type=fw&filter=CPP
or you use the CPP 6.50 combined file here: https://downloadstore.boschsecurity.com/FILES/KnowledgeBase/CPP_FW_6.50.0620.fw
and Releaseletter of that combined firmware package: https://downloadstore.boschsecurity.com/FILES/KnowledgeBase/Bosch_Releaseletter_CPP_FW_6.50.0620.pdf
Note: Upgrading from versions lower than 5.5x
To upgrade to a newer firmware version using this combined firmware package, firmware versions before 5.5x require an intermediate update cycle using the respective platform firmware version mentioned above.
This firmware and its included platform firmware builds are not applicable to MPEG-4 products.
The final firmware version for VIP-X1600-XFM4 modules is FW 5.53. No newer firmware will be provided for these modules.
Configuration Manager cannot upload this Combined Firmware file to VIP-X1600-XFM4 modules. Use the module’s web page instead for uploading; or use the separate firmware file.
The final firmware version for CPP3 devices is FW 5.74. No newer firmware will be provided for these products.
The Combined Firmware file does not load onto VG4 AUTODOME or AUTODOME Easy II via the browser when running a firmware version before 5.52.0017. The specific platform file should be used instead.
(Note: In case any link might not work to the current DownloadStore, see attached a copy PDF of the Release Letter.)
How to get and request a BOSCH Legacy Firmware:
The procedure to request and get a legacy firmware that is no longer available online is as follows:
Customers are kindly requested to reach out to the local BOSCH Support (L1 and L2 team).
Bosch Level 2 will ask for the exact BOSCH Commercial Type Number (CTN). The local BOSCH team can check the global end of service date. The project background (how many of these devices/cameras) needs to be collected.
The relevant BOSCH Technical Support (e.g. Level 2) can explain and check if there is the chance to update the project and included management software in order to be able to use the latest BOSCH device firmware as the goal is to have a non-vulnerable product in productive environments.
In case there is no newer firmware available (hardware was discontinued), a commercial hardware upsell can be recommended.
In general, requests for any firmware that is not available on the product catalog, and for any firmware files that are ranked to have vulnerabilities, need to be documented in a Technical Support case.
In case legacy firmware is nevertheless needed and requested by our customers, Bosch Technical Support will start an approval flow. The BOSCH Level 3 Technical Support will provide a form/document that must be signed by the installer/end customer. See an example PDF (empty) "Example_Aged_Software_Release_form.pdf" attached to this article. Such a form will be prepared by the BOSCH Level 3 Technical Support team and provided to our customer/installer in order to confirm that legacy firmware is then used at the risk of the installer and customer (see text and legal note in the PDF). In the future BOSCH plans to introduce and set up a self-service portal for all customers to simplify this process.
The above mentioned combined firmware 6.50 supports:
CPP7.3 HD and UHD cameras update from FW 6.40 or newer to latest FW 6.50
CPP7 UHD cameras update from FW 6.30 or newer to latest FW 6.50
CPP6 UHD cameras update from FW 6.10 or newer to latest FW 6.50
CPP5 encoders update from FW 5.91 or newer to latest FW 6.30
CPP4 HD cameras update from FW < 6.10 to intermediate FW 6.11; update from FW 6.10 or newer to latest FW 6.50
CPP3 cameras and encoders update from FW 4.54.0026 or newer to latest FW 5.74
CPP-ENC VIP-X1600-XFM4 encoders: update from FW 4.2x or newer to latest FW 5.53; VJT XF and VJD-3000 update to latest FW 5.97
The combined firmware package includes the following build versions:
CPP7.3 FW 6.50.0128
CPP7 H.264 6.50.0128
CPP6 H.264 6.50.0128
CPP5 H.264 6.30.0059
CPP4 H.264 6.50.0128
CPP4 H.264 6.11.0021
CPP3 H.264 5.74.0010
CPP-ENC H.264 5.97.0005 for VJT XF family, VJD-3000 and VJC-7000
CPP-ENC H.264 5.53.0004 for VIP X1600 XFM4
For detailed description please refer to the separate release letters.
Customers can upload such combined firmware packages by using multi-select in the Configuration tool "BOSCH Configuration Manager" (currently available in version 06.01.0157 at the BOSCH DownloadStore or Product catalog > Video Software > Video Management Systems > Configuration Manager)
When using the multi-select option in Configuration Manager, please make sure this combined firmware package for all platforms can be uploaded to all the devices selected and there are no additional requirements or intermediate steps needed for any of the devices in question.
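An added example (not Bosch code) that applies the upgrade rules listed above to a device inventory before a multi-select upload in Configuration Manager. Device names and installed versions in the inventory are constructed; the note on versions before 5.5x and the CPP-ENC entries are not modelled.

```python
# Rules transcribed from the support list and build versions in this article.

def parse_version(text):
    """Turn '6.50.0128' or '5.92' into a tuple of ints for comparison."""
    return tuple(int(part) for part in text.strip().split("."))


# min_direct: oldest firmware the combined package upgrades in one upload.
# bridge: step needed below min_direct; None where the article gives no path.
RULES = {
    "CPP7.3": {"min_direct": "6.40", "target": "6.50.0128", "bridge": None},
    "CPP7": {"min_direct": "6.30", "target": "6.50.0128", "bridge": None},
    "CPP6": {"min_direct": "6.10", "target": "6.50.0128",
             "bridge": ("support", "6.1x")},       # requested from support
    "CPP5": {"min_direct": "5.91", "target": "6.30.0059",
             "bridge": ("support", "5.91")},       # requested from support
    "CPP4": {"min_direct": "6.10", "target": "6.50.0128",
             "bridge": ("combined", "6.11.0021")},  # first of two uploads
    "CPP3": {"min_direct": "4.54.0026", "target": "5.74.0010", "bridge": None},
}


def plan(platform, current):
    """Return ordered steps as (firmware source, resulting version)."""
    rule = RULES.get(platform)
    if rule is None:
        return [("unsupported", "platform not covered by this table")]
    installed = parse_version(current)
    if installed >= parse_version(rule["target"]):
        return []  # already at the build contained in the package
    if installed >= parse_version(rule["min_direct"]):
        return [("combined", rule["target"])]
    if rule["bridge"] is None:
        return [("unsupported",
                 "below " + rule["min_direct"] + ", see release letter")]
    return [rule["bridge"], ("combined", rule["target"])]


def split_for_multi_select(inventory):
    """Group devices: one-upload, needs separate handling, or up to date."""
    groups = {"direct": [], "separate": [], "current": []}
    for name, platform, current in inventory:
        steps = plan(platform, current)
        if not steps:
            groups["current"].append(name)
        elif len(steps) == 1 and steps[0][0] == "combined":
            groups["direct"].append(name)
        else:
            groups["separate"].append(name)
    return groups


# Constructed inventory: (device name, platform, installed firmware).
INVENTORY = [
    ("cam-lobby", "CPP4", "5.92"),
    ("cam-dock", "CPP6", "6.00.0050"),
    ("enc-01", "CPP5", "5.91"),
    ("cam-gate", "CPP7", "6.32.0111"),
    ("cam-old", "CPP3", "5.74.0010"),
]

if __name__ == "__main__":
    for name, platform, current in INVENTORY:
        print(name, platform, current, plan(platform, current))
    print(split_for_multi_select(INVENTORY))
```

Only the devices in the `direct` group belong in a single multi-select upload; the `separate` group needs its intermediate firmware handled first.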
This article has the status of 31st of October 2018, and changes to this procedure might be introduced. When changes are made, this article will be updated. Therefore check this article from time to time.
Autodome 7000 HD, MIC 7000i, and MIC 9000i
Why is the minimum FW version 6.52.0003 for these models?
In November 2018 an internal hardware (HW) change was made to these models that requires this new minimum FW version. The new HW version isn't backwards compatible with older FW versions.
If the unit has been upgraded to a higher version, how do I get the 6.52.0003 FW?
This FW version was only released for these three models, so it isn't available on the Bosch Download Store. At this time, please contact Technical Support to obtain this FW. It will be available on the individual Product catalog pages by March 11, 2019 (or sooner).
Video Analytics for Firmware 6.60 and above
Technical Note on Intrusion Detection
The Technical Note attached to this article contains a detailed technical description of Intrusion Detection, setup guidance for different usage scenarios and best practices. It is useful for gaining in-depth knowledge about Intrusion Detection or for finding answers to frequently asked questions.
Intrusion detection without calibration
Learn how to use the default scenario - Intrusion detection no camera calibration: A predefined scenario that can be used to detect intruders in small areas and controlled environments.
Intrusion detection one field
Learn how to use the default scenario - Intrusion detection one field: A predefined scenario that can be used to detect intruders in small areas.
Intrusion detection two fields
Learn how to use the default scenario - Intrusion detection two fields: A predefined scenario that can be used to detect intruders in large outdoor areas.
Note: If needed you can get additional how to information on camera calibration.
MTU and MSS
MTU stands for "Maximum Transmission Unit."
MTU is a networking term that defines the largest packet size that can be sent over a network connection. The MTU is typically limited by the type of connection, but may sometimes be adjusted in IT network settings. The typical value of the Network MTU is 1514 Byte. If a system sends packets over an Ethernet network that are larger than this size, the data will be fragmented into smaller packets. When referring to Ethernet MTU this includes 4 Byte checksum. The 1514 Byte is the interface MTU without the Ethernet checksum.
In case there are limitations due to the type of connection, the packets will then need to be reassembled on the receiving side (e.g. Bosch video management software or Bosch hardware decoder). However, it can be beneficial to optimize the packet size on the sender side (e.g. IP camera) for the existing network infrastructure.
As the MTU maximum packet size is layer 1 related, the IP MTU can be adjusted in the BOSCH device configuration (Configuration web pages or with the help of BOSCH configuration software like "Configuration Manager"). The BOSCH GUI refers to this as “Network MTU”. BOSCH products can manage fragmented data.
MSS stands for "Maximum Segment Size"
The MSS value is calculated from the MTU. MSS = MTU – (layer 3 TCP header [20 Byte] + layer 2 IP header [20 Byte] + layer 1 Ethernet [6+6+2 = 14 Byte])
For example, looking at the CPP6 platform, such as the FLEXIDOME IP panoramic 7000 MP with firmware version 6.50.0128, you can find and adjust the following values:
Network MSS (in Byte) - default value = 1460
iSCSI MSS (in Byte) – default = 1460
Network MTU (in Byte) – default = 1514
MTU and MSS can be adjusted in all released firmware versions 4.x and later.
Here are some screenshots as examples based on firmware 06.50.0128.
How to terminate a M12 connector for FLEXIDOME micro 5000 MP?
Both RJ45 and M12 plug connectors are available with IEC 11801:2002 Cat5 compliance. This further simplifies the concurrent use of both connector types within a single system. Assembly consists of three easy steps, none of which require specialist tools. The plug connectors, compliant with all standards and fully shielded against EMC interference, are available in four-pin and eight-pin configurations. They can be connected to flexible or rigid wires, with sizes ranging from AWG 26 to AWG 22. This makes the connectors suitable for all Industrial Ethernet transmission systems, Ethernet-based fieldbus systems such as Profinet, and EtherNet/IP up to gigabit speeds. The M12 Quickon connector provides a sturdy metal housing with a plug-and-turn mechanism. A 360 degree shielding connection with an iris spring means the connector is well suited to system environments with large amounts of EMC interference. The compact design of the RJ45 Quickon connector, on the other hand, makes it suitable for horizontal or vertical multi-port connection (as is frequently required by switches, for example). Connector ID rings are available in eight colors to visually aid patch-bay layout.